Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation.
AnalysisAI
Heap-based buffer overflow in Check Point Quantum Security Gateway's HTTP-based service allows unauthenticated remote attackers to cause availability disruption by sending crafted malformed HTTP requests requiring no authentication or user interaction. Affected deployments span all R81.10 releases and below, R81.20 through Jumbo Hotfix Take 127, R82 through Jumbo Hotfix Take 91, and R82.10 through Jumbo Hotfix Take 19. No public exploit identified at time of analysis, though SSVC classifies the attack as automatable with total technical impact - a meaningful tension with the CVSS A:L rating that security teams should scrutinize before deprioritizing.
Technical ContextAI
The vulnerability is rooted in CWE-122 (Heap-based Buffer Overflow), meaning the affected HTTP-based service writes beyond the bounds of a heap-allocated buffer when processing malformed or unexpected HTTP request input. Heap overflows are distinct from stack overflows in that exploitation can corrupt adjacent heap metadata, function pointers, or application data structures - and, depending on heap layout, may enable outcomes beyond simple service crashes. The affected product is confirmed via CPE as cpe:2.3:a:checkpoint:quantum_security_gateway across a broad version range, meaning the flawed HTTP request parsing logic is present in the core gateway software rather than an optional add-on. The root cause is insufficient input validation during HTTP request parsing, allowing attacker-controlled data to overflow a dynamically allocated buffer.
RemediationAI
The primary remediation is to apply the appropriate Jumbo Hotfix for the installed release train per the Check Point vendor advisory at https://support.checkpoint.com/results/sk/sk184991. For R81.20, upgrade to Jumbo Hotfix Take 128 or later. For R82, upgrade to Jumbo Hotfix Take 92 or later. For R82.10, upgrade to Jumbo Hotfix Take 20 or later. Installations on R81.10 or earlier should be considered fully affected with no inline hotfix path confirmed from available data - upgrading to a supported release train with a published fix is the recommended course of action. If immediate patching is not feasible, reducing external exposure of the HTTP-based management or gateway service through network-level controls (firewall rules restricting access to the service port to trusted IP ranges only) would reduce the unauthenticated attack surface, though this introduces operational friction for environments that rely on broad gateway accessibility. No vendor-confirmed workaround short of patching is identified in available data.
More in Checkpoint
View allbackend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data
PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. Rated high sever
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the inte
Remote code execution in PyTorch Lightning through 2.6.5 allows an attacker who can get a victim to load a malicious che
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH lo
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security clien
Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x bef
Arbitrary code execution via torch-checkpoint-shrink.py script in ml-engineering project allows remote attackers to exec
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without us
Arbitrary code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load malicious model checkpoin
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31822
GHSA-xf23-668r-fgjv